Computer programs often contain flaws, and in some instances these flaws can be exploited in such a way that a security or privacy violation is possible. Conventionally, these flaws could only be prevented by careful testing and code review. Unfortunately, these techniques are not perfect, and production code is often released with security flaws. It is therefore desirable to detect the exploitation of a flaw and intervene at the time of attack, rather than relying solely on finding the flaw beforehand.
A runtime library is a library of routines that are bound to a program during execution. Exemplary C runtime functions are setjmp and longjmp. The setjmp function saves a stack environment, which can subsequently be restored using longjmp. When used together, setjmp and longjmp provide a technique to execute a nonlocal goto. They are typically used to pass execution control to error-handling or recovery code in a previously called routine without using the normal calling or return conventions.
Conventionally, a call to setjmp saves the current stack environment in a caller-supplied buffer, “env”. A subsequent call to longjmp restores the stack environment and execution locale previously saved in env, so that control returns to the point just after the corresponding setjmp call, which then appears to return a second time with the value passed to longjmp. Execution resumes at that point. All variables (except register variables) accessible to the routine receiving control contain the values they had when longjmp was called; in standard C, however, an automatic variable of the routine that called setjmp whose value was changed between setjmp and longjmp is indeterminate after the jump unless it is declared volatile. These runtime functions store the saved environment in a structure of type jmp_buf. The jmp_buf structure contains a code pointer (the saved instruction pointer at which longjmp resumes execution) along with other information, such as the saved stack pointer and other register state.
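The following is an added example, not code from the original text, showing the nonlocal goto described above used for error recovery: a small parser for sums of single digits reports malformed input by calling longjmp from an inner routine, and control reappears at the setjmp in the caller. The parser, its error codes and the input strings are constructed for illustration. The position counter is declared volatile because it is modified after setjmp and read after longjmp.

```c
#include <ctype.h>
#include <setjmp.h>
#include <stddef.h>

/* Recovery point for the parser. A jmp_buf holds the saved instruction pointer
   and stack pointer, i.e. exactly the code-pointer-carrying structure above. */
static jmp_buf parse_env;

/* Called from anywhere inside the parser on malformed input; never returns.
   Control reappears at the setjmp in parse_sum with 'code' as its value. */
static void parse_fail(int code)
{
    longjmp(parse_env, code);
}

/* Parses "d+d+...+d" (single digits). Errors are reported by longjmp,
   not through the normal return path. */
static int parse_terms(const char *s, volatile int *pos)
{
    int sum = 0;
    for (;;) {
        if (!isdigit((unsigned char)s[*pos]))
            parse_fail(1);              /* digit expected */
        sum += s[(*pos)++] - '0';
        if (s[*pos] == '\0')
            return sum;
        if (s[*pos] != '+')
            parse_fail(2);              /* '+' expected */
        (*pos)++;
    }
}

/* Returns the sum, -1 for "digit expected" or -2 for "'+' expected".
   If err_pos is non-NULL it receives the offset at which parsing stopped. */
int parse_sum(const char *s, int *err_pos)
{
    /* 'pos' is changed after setjmp and read after longjmp; C11 7.13.2.1 makes
       such automatic objects indeterminate unless they are volatile. */
    volatile int pos = 0;
    int result;

    switch (setjmp(parse_env)) {        /* 0 now; the longjmp code on re-entry */
    case 0:
        result = parse_terms(s, &pos);
        break;
    case 1:
        result = -1;
        break;
    default:
        result = -2;
        break;
    }
    if (err_pos)
        *err_pos = pos;
    return result;
}

/* Convenience: the offset at which parsing of 's' stopped. */
int parse_stop_offset(const char *s)
{
    int pos = 0;
    parse_sum(s, &pos);
    return pos;
}
```

Note that setjmp appears only as the entire controlling expression of a switch, one of the few contexts in which the C standard allows it; assigning its result to a variable is common but not strictly conforming.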
Runtime functions may store control information, such as code pointers and stack pointers, on the stack or in caller-provided structures. This has given attackers an opportunity to subvert the runtime function model by corrupting the stack or the information to which such pointers refer. In particular, an attacker who can overrun (i.e., overflow) a buffer adjacent to a jmp_buf structure can overwrite the return address saved within it. When longjmp is subsequently called, the corrupted value is loaded into the instruction pointer and control of the program passes to arbitrary code supplied by the attacker, just as when a function's return address on the stack is overwritten. It is thus desirable to intervene in the middle of such an attack and stop an attacker from hijacking the computer or otherwise interfering with its normal operation. Moreover, it is desirable to protect against an attacker modifying a jmp_buf structure, whether via a buffer overflow or by other means.
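As an added example (not part of the original text and not a description of any particular implementation), the block below shows one way to detect a modified jmp_buf before longjmp acts on it: the saved context is sealed with a keyed tag immediately after setjmp, and a wrapper refuses to jump if the tag no longer matches. The guarded_jmp_buf type, the guard functions and the fixed guard_key are hypothetical constructions for this example; a real implementation would draw the key from the operating system's random source at process start so that an attacker who can overwrite the buffer cannot also forge its tag. The corruption in demo_tampered is constructed in place to stand in for an adjacent buffer overflow.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical guard: a jmp_buf plus a tag over its bytes. */
typedef struct {
    jmp_buf  env;
    uint64_t tag;
} guarded_jmp_buf;

/* Per-process secret. Fixed here for the example; real code would obtain it
   from the OS CSPRNG at startup so the tag cannot be forged by an attacker. */
static const uint64_t guard_key = 0x9e3779b97f4a7c15ULL;

/* Keyed FNV-1a over the buffer: enough to demonstrate the check, not a MAC. */
static uint64_t tag_of(const void *p, size_t n, uint64_t key)
{
    const unsigned char *b = p;
    uint64_t h = 0xcbf29ce484222325ULL ^ key;
    for (size_t i = 0; i < n; i++) {
        h ^= b[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Call immediately after setjmp(g->env) has returned 0. */
void guard_seal(guarded_jmp_buf *g)
{
    g->tag = tag_of(g->env, sizeof g->env, guard_key);
}

/* 1 if the saved context is unchanged since sealing, 0 if any byte differs. */
int guard_intact(const guarded_jmp_buf *g)
{
    return tag_of(g->env, sizeof g->env, guard_key) == g->tag;
}

/* Jumps only through an intact buffer. Returns -1 without jumping if the
   buffer was modified, so a corrupted saved code pointer is never loaded. */
int guarded_longjmp(guarded_jmp_buf *g, int val)
{
    if (!guard_intact(g))
        return -1;
    longjmp(g->env, val);
}

/* Normal use: seal, jump, and arrive back at setjmp with the value 42. */
int demo_intact(void)
{
    guarded_jmp_buf g;
    switch (setjmp(g.env)) {
    case 0:
        guard_seal(&g);
        guarded_longjmp(&g, 42);    /* does not return */
        return -100;                /* unreachable */
    case 42:
        return 42;                  /* arrived via longjmp */
    default:
        return -101;
    }
}

/* Simulated overrun: one byte of the saved context is altered after sealing,
   standing in for a write from an adjacent overflowed buffer. */
int demo_tampered(void)
{
    guarded_jmp_buf g;
    if (setjmp(g.env) == 0) {
        guard_seal(&g);
        ((unsigned char *)g.env)[0] ^= 0xFF;    /* constructed corruption */
        return guarded_longjmp(&g, 42);         /* refused: returns -1 */
    }
    return -102;    /* reaching here would mean we jumped on a corrupted buffer */
}
```

The check covers the whole jmp_buf rather than only the saved code pointer, since the saved stack pointer and callee-saved registers are equally usable by an attacker. A production approach should replace the hash with a real MAC or, as glibc does for its jmp_buf, encode the saved pointers with a per-process secret so that a raw overwrite produces an unusable value; in either case the refusal path should terminate the process rather than return, which the example does not do only so that the outcome can be observed.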
In view of the foregoing, there is a need for systems and methods that overcome the limitations and drawbacks of the prior art.